Team issues the world’s first ISO 27701 certificate to OneTrust

Westminster, CO – September 9, 2019 –Coalfire, a trusted provider of cybersecurity advisory and assessment services, announced today that Coalfire ISO, Inc. (“Coalfire ISO”) launched their new ISO/IEC 27701:2019 readiness assessment and certification service offering within their ISO delivery practice. The company is one of the first certification bodies to offer assessment and auditing services against the new International Standard.

The new readiness assessment service will aid organizations that are looking to transition from maintaining standalone Information Security Management Systems (ISMS) based on ISO 27001 to implementing the new expanded requirements for a Privacy Information Management System (PIMS) under an integrated model for quick deployment at minimal costs.

The ISO 27701 standard, published at the beginning of August, details the requirements for a PIMS, which governs the protection of personally identifiable information (PII). ISO 27701 is the first international privacy standard and provides a formal certification path for organizations to demonstrate their adherence to privacy provisions. The certification is an additive set of controls and management systems requirements based on ISO 27001, the widely adopted standard for information security.

Coalfire ISO followed the development of the new standard from draft issuance as ISO 27552 earlier this year to its final release as ISO 27701. The team was engaged early by existing ISO 27001 certificate clients who had interest in building the PIMS on top of their already-certified ISMS.

Within ten days of the standard’s release, Coalfire ISO had successfully completed an initial certification audit of the ISO 27701 standard for OneTrust, the leading privacy, security and third-party risk technology platform, which was subsequently awarded certification for their demonstration of a conforming PIMS.

“OneTrust is proud to be the first company to achieve ISO 27701 certification, and our work with Coalfire provided us the opportunity to demonstrate our program regarding the processing of personal information with the help of our OneTrust privacy management technology,” said Andrew Clearwater, CIPP/US, Chief Privacy Officer, OneTrust. “ISO 27701 may become the foundation for future GDPR certifications, so it’s a significant achievement that can be used as a case study for other organizations seeking certification.”

“The ISO 27701 standard utilizes best practices derived from foundational information security principles and applies it to a process-driven, risk-based approach for the protection of PII,” said David Forman, Sr. Director, ISO Services at Coalfire. “This new baseline will establish a common alignment among organizations and will further clarify the provisions within the GDPR and other privacy regulations. We are excited to launch third-party assurance offerings supporting this landmark privacy publication and have confidence that this certification mechanism will only promote organizational maturity into the marketplace.”

About Coalfire ISO

As the certification arm of Coalfire, Coalfire ISO provides audit and certification services to public and private sector organizations, adhering to the applicable requirements of both ISO/IEC 17021-1:2015 and ISO/IEC 27006:2015. Coalfire ISO is an accredited certification body under both the ANSI National Accreditation Board (ANAB) and the United Kingdom Accreditation Service (UKAS). CoalfireISO.com

About OneTrust

OneTrust is the #1 most widely used privacy, security and third-party risk technology platform trusted by more than 3,000 companies to comply with the CCPA, GDPR, ISO 27001 and hundreds of the world’s privacy and security laws. OneTrust’s three primary offerings include OneTrust Privacy Management Software, OneTrust PreferenceChoice™ consent and preference management software, and OneTrust Vendorpedia™ third-party risk management software and vendor risk exchange. To learn more, visit OneTrust.com or connect on LinkedIn, Twitter and Facebook.

About

Coalfire Certificate Program

A Coalfire Certificate is proof-positive that information technology controls have been independently scanned, assessed or validated in accordance with the highest industry standards. Certificates can be displayed on websites or in print.

Coalfire started in 2001 with a simple idea – cyber threats are increasing, compliance mandates are getting more complicated, and a well-designed cybersecurity program can help fuel your overall success.

Coalfire helps organizations comply with global financial, government, industry and healthcare mandates while helping build the IT infrastructure and security systems that will protect their business from security breaches and data theft. The company is a leading provider of IT advisory services for security in retail, payments, healthcare, financial services, higher education, hospitality, government and utilities.

The Coalfire Board of Directors provides invaluable guidance for the organization and reflects Coalfire’s dedication to achieving success for our customers.

Coalfire’s executive leadership team comprises some of the most knowledgeable professionals in cybersecurity, representing many decades of experience leading and developing teams to outperform in meeting the security challenges of commercial and government clients. With diverse backgrounds in IT systems security, governmental security, compliance, and reducing risk while implementing the latest enabling technologies (such as the Cloud and IoT), our leaders understand the challenges customers face.

With a passion for quality, Coalfire uses a process-driven quality approach to improve the customer experience and deliver unparalleled results.

Created in honor of the late co-founder of Coalfire, the Richard E. Dakin Fund at The Denver Foundation is supporting scholarship programs at several universities for promising college students studying cybersecurity and related fields.

Security is a team game. If your organization values both independence and security, perhaps we should become partners.

The increased need for cyber security has become a common enterprise priority across the globe. However, industry requirements for effective cyber risk management are as distinct as the individual entities under fire. Enterprises and government organizations need more than an off-the-shelf audit to provide an effective threat assessment. They need industry- and organization-specific insights, tools and processes to protect digital assets and ensure compliance.

Coalfire can help cloud service providers prioritize the cyber risks to the company, and find the right cyber risk management and compliance efforts that keeps customer data secure, and helps differentiate products.

“Success” at a government entity looks different than at a commercial organization. Create cybersecurity solutions to support your mission goals with a team that understands your unique requirements.

The financial services industry was built upon security and privacy. As cyber-attacks become more sophisticated, a strong vault and a guard at the door won’t offer any protection against phishing, DDoS attacks and IT infrastructure breaches.

The continuum of care is a concept involving an integrated system of care that guides and tracks patients over time through a comprehensive array of health services spanning all levels of care. Interoperability is the central idea to this care continuum making it possible to have the right information at the right time for the right people to make the right decisions.

Maintaining network and data security in any large organization is a major challenge for information systems departments. However, in the higher education environment, the protection of IT assets and sensitive information must be balanced with the need for ‘openness’ and academic freedom; making this a more difficult and complex task.

When it comes to cyber threats, the hospitality industry is not a friendly place. Hotels and resorts have proven to be a favorite target for cyber criminals who are looking for high transaction volume, large databases and low barriers to entry.

The payments industry is undergoing rapid changes and unfortunately, an increasing risk for data breaches. Cyber criminals are growing increasingly businesslike, and payments leaders need to move quickly to cover their cyber risk.

The food and beverage industry is under attack from cyber criminals intent on stealing payment information. The food and beverage industry makes up the highest percentage of breach investigations, at nearly 73 percent, according to Visa.

The global retail industry has become the top target for cyber terrorists, and the impact of this onslaught has been staggering to merchants. To secure the complex IT infrastructure of a retail environment, merchants must embrace enterprise-wide cyber risk management practices that reduces risk, minimizes costs and provides security to their customers and their bottom line.

Private enterprises serving government and state agencies need to be upheld to the same information management practices and standards as the organizations they serve. Coalfire has over 16 years of experience helping companies navigate increasing complex governance and risk standards for public institutions and their IT vendors.

Technology innovations are enabling new methods for corporations and governments to operate and driving changes in consumer behavior. The companies delivering these technology products are facilitating business transformation that provides new operating models, increased efficiency and engagement with consumers as businesses seek a competitive advantage.

Cybersecurity has entered the list of the top five concerns for U.S. electric utilities, and with good reason. According to the Department of Homeland Security, attacks on the utilities industry are rising "at an alarming rate."

Cyber risk management, advisory, technology and compliance services. Manage risk and maximize return on investment to prevent data breaches and theft. Coalfire’s solutions are led by a team of industry experts that help enterprise organizations understand a wide range of compliance and risk management initiatives, which enables a consistent cybersecurity framework across the organization.

Expert assessments that provide an accurate understanding of what you are trying to protect, the inherent and residual cyber risk to your enterprise and the maturity of the your security program and underlying controls